ML050380333
| ML050380333 | |
| Person / Time | |
|---|---|
| Site: | Hatch  |
| Issue date: | 02/04/2005 |
| From: | NRC/RGN-II |
| To: | |
| References | |
| FOIA/PA-2004-0277 IR-03-006 | |
| Download: ML050380333 (3) | |
See also: IR 05000321/2003006
Text
1--1%-Z
FIRE PROTECTION MC 0612 APPENDIX B
Minor Questions Worksheet
Reference:
Triennial Fire protection Inspection
Plant:
Hatch Nuclear Plant
Report No.: I R 50-321, 366/2003-006
Performance Deficiency: The licensee's fire protection program for ensuring the ability to safely
shutdown the plant during a fire was inadequate, in that:
The plant modification installed by Design Change Request (DCR)91-134 did not
implement the specified design input requirements for actuating the eleven safety relief
valves (SRVs) using one out of two logic taken twice in support of nuclear boiler over
pressure protection. The installed plant modification actuates the SRVs using two out of
two coincidence logic taken twice and one out of two coincidence logic taken twice.
The installed plant modification has resulted in a common mode failure of all eleven
safety relief valves from fire induced damage to two instrumentation cables.
The safe shutdown analysis report (SSAR), identified several cables that were relied
upon for SSD during a fire, but the licensee failed to provide the required physical
protection from fire damage. A common mode failure of all eleven safety relief valves
could occur because of fire induced damage to two instrumentation cables. These
cables were not physically protected in accordance with the requirements of 10 CFR 50
Appendix R, section III.G.2. Instead, the SSAR designated that operator actions would
be taken to prevent or mitigate the effects of the fire damage. However, the licensee did
not obtain NRC exemptions for these manual actions.
Additionally, the manual actions were not performed early enough during the fire event
to provide reasonable assurance that all eleven SRVs would not have spuriously opened
as a result of fire damage. Performance of these manual actions were encumbered by
a lack of adequate lighting to facilitate completion of the action. Also the terminal block
points were not adequately labeled in order to ensure that the operators could correctly
identify the terminal links that were to be removed.
Description
A circuit analysis of SRV 2B21-FO13F (Path 1) and SRV 2B21-F013G (Path 2) revealed
that the design objective of implementing a "one-out-of-two taken twice" logic had not
been installed for the SRVs. The logic installed for the SRVs was a "two-out-of-two
taken twice" logic in addition to a "one-out-of-two taken twicem logic. The coincident
logic implemented using trip unit master relays K31 OD and K335D could result in
spurious actuation of Group A SRVs for a fire in Fire Area 2104. Additionally, the trip
unit slave relays associated with the master relays will also energize the pilot valves of
group B and group C SRVs and result in opening these SRVs. Whenever a SRV lifts, it
will remain open until nuclear boiler pressure is reduced to about 85% of its
overpressure lift setpoint. However, because the instrument loops have failed high, the
trip unit master relays and the trip unit slave relays will continue to energize the pilot
..
...
-1.1
valve of the individual SRV and keep the SRV open. As a result, this failure mode
prevents the operators from manually controlling the Group A SRVs as is required per
the SSAR.
Failure to manually control the SRVs will challenge the heat capacity temperature limit
of the suppression pool and result in the loss of net positive suction head to the Core
Spray pumps which are used for mitigating this event. This loss of containment heat
removal would increase the large early release frequency (LERF) and could potentially
lead to containment failure.
Fire Procedure, AOP 34AB-X43-001-2, Version 10.8, dated May 28, 2003, stated in step
9.3.2.1 that: 'To prevent all eleven SRVs from opening simultaneously, open links BB-
10 in Panel 2H1 1-P927 and BB-10 in Panel 2H11 -P928."
The team noted that spurious
opening of all eleven SRVs should be considered a large loss of coolant accident
(LOCA), and that a LOCA should be prevented from occurring during a fire event to
comply with 10 CFR 50, Appendix R, Section lll.L. Section lll.L requires that, during a
post-fire shutdown, the reactor coolant system process variables (e.g., reactor vessel
pressure and water level) shall be maintained within those predicted for a loss of normal
alternating current power. Having all eleven SRVs opened during a fire would challenge
this requirement. The team determined that step 9.3.2.1 was sufficiently far back in the
procedure that it may not be completed in time to prevent potential fire damage to the
instrumentation cables of concem, which would result in all eleven SRVs spuriously
opening.
Licensing Basis/Requirements:
Operating License Condition 2.C.(3)(a), Fire Protection; Title 10 of the Code of Federal
Regulations, Part 50 (10 CFR 50), Appendix R; 10 CFR 50.48; Appendix A of Branch
Technical Position (BTP) Auxiliary and Power Conversion Systems Branch (APCSB)
9.5-1; related NRC Safety Evaluation Reports (SERs); the Hatch Nuclear Plant Updated
Final Safety Analysis Report (UFSAR); and plant Technical Specification (TS).
Minor Questions:
Question (1) Could the finding be reasonably viewed as a precursor to a significant event?
NO
_
__
__
_
_
Question (2) If left uncorrected, would the finding become a more significant safety concern?
NO
Question (3)
Does the finding relate to performance indicators that would have caused the Pi
to exceed a threshold?
NO
Question (4)
Is the finding associated with one of the below cornerstone attributes and does
the finding affect the associated cornerstone objective?
%IC
YES - The team determined that this finding was associated with the 'design
control, equipment performance, and procedure quality" attributes. It affected
the objective of the initiating events cornerstone to limit the likelihood of events
that challenge critical safety functions as well as the mitigating systems
cornerstone to ensure the availability, reliability, and capability of systems that
respond to initiating events, and is therefore greater than minor.
CORNERSTONE OBJECTIVES AND ATTRIBUTES:
REACTOR SAFETY CORNERSTONE
Initiating Events Cornerstone: OBJECTIVE: to limit the likelihood of those events that upset
plant stability and challenge critical safety functions during shutdown as well as power
operations.
Attributes:
Design Control:
Protection Against External Factors:
Configuration Control:
Equipment Performance
Procedure Quality
Human Performance:
Initial Design and Plant Modifications
Flood Hazard, Fire, Loss of Heat Sink,
Toxic Hazard, Switchyard Activities, Grid
Stability
Shutdown Equipment Lineup, Operating
Equipment Lineup
Availability, Reliability, Maintenance, Barrier
Integrity (SGTR, ISLOCA, LOCA (S,M,L),
Refueling/fuel handling equipment
Procedure Adequacy
Human Error
Mitigating Systems: OBJECTIVE: to ensure the availability, reliability, and capability of systems
that respond to initiating events to prevent consequences (i.e., core damage).
Attributes:
Design Control:
Protection Against External Factors:
Configuration Control:
Equipment Performance
Procedure Quality:
Human Performance:
Initial Design and Plant Modifications
Flood Hazard, Fire, Loss of Heat Sink,
Toxic Hazard, Seismic
Shutdown Equipment Lineup, Operating
_Equipment Lineup,_
Availability, Reliability
Operating (Post Event) Procedure (AOPs,
SOPs, EOPs); Maintenance and Testing
(Pre-event) Procedures
Human Error (Post Event), Human Error
(Pre-event)
Because the answer to Questions (4) was "YES," the finding should be considered greater than
minor. Go to MC-0609, App. A.